diff --git a/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs b/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs
index 61c6e94eb..bb533feca 100644
--- a/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs
+++ b/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs
@@ -78,11 +78,14 @@ public static void VerifyUserHasAnyAcceptedScope(this HttpContext context, param
 if (scopeClaim == null || !scopeClaim.Value.Split(' ').Intersect(acceptedScopes).Any())
 {
 string message = string.Format(CultureInfo.InvariantCulture, IDWebErrorMessage.MissingScopes, string.Join(",", acceptedScopes));
-
- context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
- context.Response.WriteAsync(message);
- context.Response.CompleteAsync();
-
+
+ lock (context)
+ {
+ context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+ context.Response.WriteAsync(message);
+ context.Response.CompleteAsync();
+ }
+
 throw new UnauthorizedAccessException(message);
 }
 }
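Review bot: The added `lock (context)` is released as soon as `WriteAsync` and `CompleteAsync` return their tasks, so it does not serialize the response writes themselves, and both tasks are discarded, so a failed or racing write is never observed. Locking on the `HttpContext` instance also exposes this path to contention from any other code that locks the same object. The scope check still fails closed because of the `throw` after the block, so the 403 body is best-effort only; if that is intended, document it with `// Best-effort 403 response: the writes are not awaited; the throw below is what enforces the scope check.` Awaiting the writes would need an async variant of this method, since the signature in the hunk header is a synchronous `void`. The method body starts outside the hunk.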